Consent Receipt

A consent receipt is a structured record that documents a specific consent transaction. It typically includes the identity of the data subject, the identity of the data controller, the purpose of processing, the categories of data covered, the timestamp of consent, the version of the privacy notice presented, and whether consent was granted or denied.

The receipt is evidence that consent was collected in a manner that meets regulatory requirements. When regulators or auditors ask an organization to demonstrate that a user gave consent, the receipt is what gets produced. It also supports the user’s right to withdraw consent, because the system can reference the receipt to identify exactly what was agreed to and reverse it.

Receipts can be stored internally or provided to the user as a portable record. Standardization efforts have proposed machine-readable formats to make receipts interoperable across organizations.

For CIAM, consent receipts provide the auditable proof that customer consent was properly obtained, which is essential for demonstrating compliance with regulations like the GDPR.